CR | LG | Sep 29, 2018

To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression

arXiv:1810.00208v2 | 44 citations

Originality: Incremental advance
AI Analysis

This paper addresses security concerns for compressed models on edge devices, but it is incremental, as it builds on existing adversarial attack and compression research.

The paper investigates the transferability of adversarial samples between uncompressed and compressed deep neural networks, finding that adversarial samples remain transferable for pruned models and are sensitive to integer precision in quantized models.

As deep neural networks (DNNs) become widely used, pruned and quantised models are becoming ubiquitous on edge devices; such compressed DNNs are popular for lowering computational requirements. Meanwhile, recent studies show that adversarial samples can be effective at making DNNs misclassify. We, therefore, investigate the extent to which adversarial samples are transferable between uncompressed and compressed DNNs. We find that adversarial samples remain transferable for both pruned and quantised models. For pruning, the adversarial samples generated from heavily pruned models remain effective on uncompressed models. For quantisation, we find the transferability of adversarial samples is highly sensitive to integer precision.
